General

  • Target

    92819abc5959ef5dcdec4ad5ffc638e8492d0deec4569fc9cef2501adec5474a

  • Size

    276KB

  • Sample

    220201-fp1nnshafk

  • MD5

    bbfa105715b98f8de465c8afcb4130ef

  • SHA1

    b73c7aed91aa18f558b1a9a378fea4e5535bdf4c

  • SHA256

    92819abc5959ef5dcdec4ad5ffc638e8492d0deec4569fc9cef2501adec5474a

  • SHA512

    ca8279c7b22805a19a02ea7a2793db800b987f9554233df2a709a3c136c8cf89c8c6d6944b05c5f09d0e39628ce39fd43a2861c83772a1cd2a9205401a3c214d

Malware Config

Extracted

Family

zloader

Botnet

25/03

C2

https://wgyvjbse.pw/milagrecf.php

https://botiq.xyz/milagrecf.php

Attributes
  • build_id

    103

  • rc4.plain
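The "rc4.plain" attribute above is the plaintext RC4 key the sandbox recovered from the sample; Zloader keeps its bot configuration (botnet name, build id, C2 URLs) RC4-encrypted inside the binary, and the extracted values shown in this section come from decrypting it with that key. The key value and the real on-disk layout of the config are not on this page, so the example below is added here and is not the sandbox's or Zloader's own code: ASSUMED_RC4_KEY and the NUL-separated key=value layout are constructed stand-ins, and only the RC4 routine itself is the real algorithm. The wrong-key check shows the failure mode a config extractor has to handle: RC4 happily "decrypts" under any key, so the output must be validated before it is reported as a config.

```python
# Added example (not part of the sandbox report): recovering an RC4-encrypted bot
# config given the plaintext key. ASSUMED_RC4_KEY and the config layout are
# constructed stand-ins; the real key and layout are not on the page.
from typing import Any, Dict, List


def rc4_ksa(key: bytes) -> List[int]:
    """RC4 key-scheduling: permute the 0..255 state array with the key bytes."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    return s


def rc4_crypt(key: bytes, data: bytes) -> bytes:
    """RC4 keystream XORed over data. RC4 is symmetric: one call encrypts and decrypts."""
    if not key:
        raise ValueError("RC4 key must be non-empty")
    s = rc4_ksa(key)
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


# Constructed stand-in for the recovered "rc4.plain" key (the real value is not on the page).
ASSUMED_RC4_KEY = b"example-rc4-key"

# Constructed plaintext config in an assumed NUL-separated key=value layout.
# The values themselves are the ones the report extracted.
_PLAINTEXT_CONFIG = b"\x00".join([
    b"botnet=25/03",
    b"build_id=103",
    b"c2=https://wgyvjbse.pw/milagrecf.php",
    b"c2=https://botiq.xyz/milagrecf.php",
])

# The blob as a sample would carry it; produced here by encrypting the constructed plaintext.
ENCRYPTED_CONFIG = rc4_crypt(ASSUMED_RC4_KEY, _PLAINTEXT_CONFIG)


def parse_config(plaintext: bytes) -> Dict[str, Any]:
    """Parse the assumed key=value layout; 'c2' collects every C2 URL in order."""
    cfg: Dict[str, Any] = {"c2": []}
    for field in plaintext.split(b"\x00"):
        if not field:
            continue
        key, sep, value = field.partition(b"=")
        if not sep:
            continue
        k = key.decode("latin-1")          # latin-1 never raises on garbage bytes
        v = value.decode("latin-1")
        if k == "c2":
            cfg["c2"].append(v)
        elif k == "build_id":
            cfg[k] = int(v) if v.isdigit() else v
        else:
            cfg[k] = v
    return cfg


def extract_config(key: bytes, blob: bytes) -> Dict[str, Any]:
    """Decrypt and parse; reject output that does not look like a config (wrong key)."""
    cfg = parse_config(rc4_crypt(key, blob))
    c2s = cfg["c2"]
    if not c2s or not all(u.startswith(("http://", "https://")) for u in c2s):
        raise ValueError("decrypted data has no plausible C2 URLs; wrong RC4 key?")
    return cfg


def key_recovers_config(key: bytes, blob: bytes) -> bool:
    """Convenience check for trying candidate keys against a blob."""
    try:
        extract_config(key, blob)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    print(extract_config(ASSUMED_RC4_KEY, ENCRYPTED_CONFIG))
```

Against a real sample the blob would be carved from the binary (typically a fixed-size buffer near the embedded key) rather than built in the script, and the plausibility check would be tightened to whatever structure the real layout has; the validation step is the part worth keeping, since an unvalidated RC4 output under a stale key silently yields garbage indicators.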

Targets

    • Target

      92819abc5959ef5dcdec4ad5ffc638e8492d0deec4569fc9cef2501adec5474a

    • Size

      276KB

    • MD5

      bbfa105715b98f8de465c8afcb4130ef

    • SHA1

      b73c7aed91aa18f558b1a9a378fea4e5535bdf4c

    • SHA256

      92819abc5959ef5dcdec4ad5ffc638e8492d0deec4569fc9cef2501adec5474a

    • SHA512

      ca8279c7b22805a19a02ea7a2793db800b987f9554233df2a709a3c136c8cf89c8c6d6944b05c5f09d0e39628ce39fd43a2861c83772a1cd2a9205401a3c214d

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader (tracked under this signature together with the Terdot, DELoader and ZeusSphinx aliases) is a banking-trojan family built on the leaked Zeus source code; it was first seen in August 2015.

    • Suspicious use of SetThreadContext (rewriting another thread's register context is how a loader hands control to injected or hollowed code; consistent with the bot being injected into a host process)
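The practical use of a report like this is to turn the extracted indicators into detection. The example below is added here and is not the sandbox's code: the C2 URLs and file hashes are copied from the report, while the proxy log lines are constructed for the example and are not real traffic. It matches on the C2 hostname and on the gate path separately, because the host alone is a strong indicator but the file name milagrecf.php on some other host is only weak corroboration, and it matches by parsed hostname rather than substring so that a look-alike such as notbotiq.xyz does not fire.

```python
# Added example (not part of the sandbox report): matching the report's indicators
# against proxy logs and file digests. Indicator values are from the report above;
# SAMPLE_PROXY_LOG and its "<epoch> <client> <method> <url> <status>" layout are
# constructed for illustration.
import hashlib
from typing import Any, Dict, List
from urllib.parse import urlsplit

C2_URLS = [
    "https://wgyvjbse.pw/milagrecf.php",
    "https://botiq.xyz/milagrecf.php",
]
KNOWN_HASHES = {
    "md5": "bbfa105715b98f8de465c8afcb4130ef",
    "sha1": "b73c7aed91aa18f558b1a9a378fea4e5535bdf4c",
    "sha256": "92819abc5959ef5dcdec4ad5ffc638e8492d0deec4569fc9cef2501adec5474a",
}

# Host and path are matched separately; scheme is ignored on purpose so a plain-http
# beacon to the same host still fires.
C2_HOSTS = {urlsplit(u).hostname for u in C2_URLS}
C2_PATHS = {urlsplit(u).path for u in C2_URLS}

# Constructed proxy log (not real traffic).
SAMPLE_PROXY_LOG = """\
1643700001.123 10.0.0.5 POST https://botiq.xyz/milagrecf.php 200
1643700002.456 10.0.0.5 GET https://www.example.com/ 200
1643700003.789 10.0.0.9 POST http://wgyvjbse.pw/milagrecf.php 404
1643700004.000 10.0.0.7 GET https://cdn.example.net/milagrecf.php 200
1643700005.000 10.0.0.5 GET https://notbotiq.xyz/ 200
"""


def match_proxy_log(log_text: str) -> List[Dict[str, Any]]:
    """Return one hit per log line that touches a C2 host (high) or only the gate path (low)."""
    hits: List[Dict[str, Any]] = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 5:
            continue  # malformed line; skip rather than crash the whole pass
        ts, client, method, url, status = parts[:5]
        split = urlsplit(url)
        host = (split.hostname or "").lower()
        hit = {"ts": ts, "client": client, "method": method, "url": url,
               "status": status, "host": host}
        if host in C2_HOSTS:
            hit.update(confidence="high", reason="c2_host")
            hits.append(hit)
        elif split.path in C2_PATHS:
            hit.update(confidence="low", reason="c2_path_only")
            hits.append(hit)
    return hits


def digests(data: bytes) -> Dict[str, str]:
    """Compute the same digest set the report lists, for comparison with KNOWN_HASHES."""
    return {name: hashlib.new(name, data).hexdigest() for name in KNOWN_HASHES}


def is_known_sample(observed: Dict[str, str]) -> bool:
    """True if any reported digest matches (case-insensitive). This catches only this
    exact 276KB build; repacked Zloader builds need the network and behaviour indicators."""
    return any(observed.get(name, "").lower() == value for name, value in KNOWN_HASHES.items())


if __name__ == "__main__":
    for h in match_proxy_log(SAMPLE_PROXY_LOG):
        print(h["confidence"], h["client"], h["url"], h["reason"])
    print(is_known_sample(digests(b"not the sample")))
```

A 404 from the C2 host is still reported: the beacon attempt is the evidence, not the server's answer. The hash check is deliberately kept separate from the network check because the two have different shelf lives; the digests identify one build, while the C2 hosts and the gate path survive repacking until the operators rotate infrastructure.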

MITRE ATT&CK Matrix

Tasks